Search for packages
| purl | pkg:deb/debian/dpkg@1.18.24 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-hy4s-c76f-aaak
Aliases: CVE-2022-1664 |
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-bace-jatv-aaac | Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow. |
CVE-2015-0860
|
| VCID-v1fh-mtmc-aaab | dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. |
CVE-2017-8283
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T14:55:29.619928+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:32:08.278575+00:00 | Debian Oval Importer | Fixing | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:30:28.462391+00:00 | Debian Oval Importer | Fixing | VCID-v1fh-mtmc-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T01:19:01.545286+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | None | 36.1.3 |
| 2025-06-20T21:44:19.992989+00:00 | Debian Oval Importer | Fixing | VCID-bace-jatv-aaac | None | 36.1.3 |
| 2025-06-20T21:28:45.016132+00:00 | Debian Oval Importer | Fixing | VCID-v1fh-mtmc-aaab | None | 36.1.3 |
| 2025-06-08T07:48:58.020847+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:26:10.972502+00:00 | Debian Oval Importer | Fixing | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:29:55.682392+00:00 | Debian Oval Importer | Fixing | VCID-v1fh-mtmc-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T18:41:47.463084+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | None | 36.1.0 |
| 2025-06-07T15:07:17.213541+00:00 | Debian Oval Importer | Fixing | VCID-bace-jatv-aaac | None | 36.1.0 |
| 2025-06-07T14:51:24.997618+00:00 | Debian Oval Importer | Fixing | VCID-v1fh-mtmc-aaab | None | 36.1.0 |
| 2025-04-12T22:08:11.945329+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:43:07.605048+00:00 | Debian Oval Importer | Fixing | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:50:25.690529+00:00 | Debian Oval Importer | Fixing | VCID-v1fh-mtmc-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T06:21:24.584511+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:58:29.560341+00:00 | Debian Oval Importer | Fixing | VCID-bace-jatv-aaac | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:01:11.846012+00:00 | Debian Oval Importer | Fixing | VCID-v1fh-mtmc-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T17:19:35.805936+00:00 | Debian Oval Importer | Affected by | VCID-hy4s-c76f-aaak | None | 36.0.0 |
| 2025-04-07T13:39:02.514341+00:00 | Debian Oval Importer | Fixing | VCID-bace-jatv-aaac | None | 36.0.0 |
| 2025-04-07T13:23:25.239987+00:00 | Debian Oval Importer | Fixing | VCID-v1fh-mtmc-aaab | None | 36.0.0 |